Current status

Detailed Description

FreeIPA in Fedora 19 already supports cross-realm trusts with Active Directory. New version of FreeIPA will make possible to access FreeIPA resources from any subdomain of an Active Directory forest.

Benefit to Fedora

Environments with FreeIPA and cross-realm trusts to Active Directory domains will be fully integrated in both directions (AD -> FreeIPA and FreeIPA -> AD).

Scope

This change requires expansion of logic in FreeIPA-provided database driver to Kerberos KDC. Additionally, it requires development of Global Catalog Service compatible with Active Directory. This is fairly isolated effort within FreeIPA.